Organizations are increasingly looking to securely identify users who access and utilize their services and resources, both on the Internet and offline, while keeping these users' information private from everyone else. These user authentication and data sharing needs are driven by cost and efficiency considerations, by new business models that leverage personal information, and by the explosive rise of phishing, identity theft, and other security threats. Conventional mechanisms for user authentication and data sharing, such as plastic cards and paper certificates, are costly, vulnerable to counterfeiting, and problematic for online use.
As a result, there is a rapidly growing interest in mechanisms (e.g., X.509 certificates) that can be implemented in software and/or hardware and employed to secure monetary or financial transactions over the Internet. However, these mechanisms are limited because, for example, they cannot be used without disclosing at least some information associated with the user. During a verification procedure, in order to determine whether a credential is valid, the user provides at least some identity data in order to be authenticated. In some cases, an issuer may want to stop a particular user from using the credential that has already been issued, such as when the user may be no longer qualified to use previously issued credentials, the attributes contained therein have become temporarily or permanently invalid, or the user violated policies associated with a service provider. For users whose credentials were not revoked, therefore, proving validity cannot be accomplished without disclosing private and/or confidential information in the form of one or more attributes. This is because the attributes themselves are used to keep track of revoked credentials.